Dino Dai Zovi, the New York-based security researcher who took home USD 10,000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week's worth of controversy about the security of Apple's operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system - Windows Vista or Mac OS X - is the sturdiest when it comes to security.

It's not like Apple's track record is much better. Since 2005, OSX has had nearly as many Security Updates as Windows, and many of those updates have been massive, at least one fixing over 40 flaws, and multiple updates fixing over 20.

Do you think computer security is a one-time event? A one-night stand? No, computer security is an ongoing, never-ending process. Apps change, apps grow, can do more and behave differently with each new version. The OS also evolves.

After 5 years on the market none of the 25-30 million Mac OS X users have had their Mac OS X systems infected with viruses or spyware. The end result for Mac OS X after 5 years on the market is one or two unsuccessful worms that were more like a proof of concept - plus one hole in Java (but nevertheless - a serious enough one).

Which really goes to show that, with all the security vulnerabilities many, if not most, of which have been identified by others, the people who tend to write viruses, worms, etc. are not bothered with a relatively small user base.

Your rebuttal completely misses the point. Whether or not anyone has bothered to take advantage of all the bugs in MacOS is not the point being made; the point is that OSX has had as many bugs as Windows.

Microsoft has gone from having the worst development policies/processes relating to security to being a model for all other vendors, excluding maybe OpenBSD.

If the size of the user base was the main reason why no one is writing malware for Mac OS X, then why were Mac OS 9 and previous versions a target? Why is it that I ran Virex on my older Macs (to protect them from viruses in the wild), but my last three Macs (all OS X) have not suffered the same fate?

The user base excuse does have some merit (my BeOS installation is running fine with no real malware threat), but OS X has a huge banner on it asking for it to be compromised. As Umbra stated above, there are 25-30 million OS X users out there, and this is no small number. The target is rather large, and even better, the users would most likely be unsuspecting.